Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here ΞΞ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub ΞΞ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

I have a similar problem on all pay nodes with my Aleph token. All pay nodes tell me "Auth rejected". Sometimes I can connect for a couple of minutes until it drops with Auth rejected. CryptoStorm is (apart from the free node) unusable for me right now. Because Twitter is banned with crypt...

I never watched Star Wars but this cracks me up: https://www.youtube.com/watch?v=lg_FoEy8T_A ___and even more___ https://www.youtube.com/watch?v=84YXPw4htnQ Hello everyone, it's good ol' uncle DesuStrike and I've got a little "present" for everyone who wants things to be a tad more secure...

It's situations like these when I'm sad that I'm not gay because I fucking love you Taelc! (wtf am I talking?! :D) I knew the router was not up to the task but this looks like it could handle connections up to 50MBit/s (at least according to my own experiments with different hardware). Stupid idea h...

The other kind of torrent "tracker"... ;) I'm sorry I kinda developed into a jack in the box of unpleasant surprises: popping out of nowhere rubbing salt into hidden wounds. Anyways: Love you guys! Always will be. Wish I had more time to hang around here. Please see the attached picture ab...

Cash in snail would be nice but I don't trust it to reach our friends at cs when send around half of the world. Also I don't know how safe it is for our friends to regularly go to the same post box to collect money. If I was Uncle Sam I would lay low near the box and hit as soon as somebody opens th...

I see no thread about the new forum design... or maybe I'm just blinded by the bright baby blue background. :lol: Please move this post into the right thread if there is one and I just missed it. I really like the new design as it fits the main page. It is (like always) unusual regarding the colour ...

Congrats from me as well! Better late than never, eh? ;P Let me give some of that praise right back at you. Yes I know and I'll never forget. Others might consider this a little thing but for me it also was a "faith in humanity restored"-moment. Or maybe now I just know who I can trust and...

I just updated the list, replaced the old mishigami IP 167.88.9.27 with the new 198.204.245.2 one, and added the new singapore IP Thanks for keeping this list recent. Work got hold of me again and I appreciate all the help the community helpers and/or admins can provide in keeping these howtos up2d...

Client isolation is a very important topic also for "Guest" WIFI access points, if you run one. But it is indeed strange that OpenVPN allowed such a thing even with the feature disabled. O.o Thanks to OkayKappa for being such an observant member of the community and reporting his finding! ...

New exit nodes become a somewhat double edged sword to me. I'm happy about every new node but since Turing it's also coupled with a sad and tragic story of individuals from the past. Nonetheless I welcome this new direction for naming exit nodes. While most of the cryptostorm community use this proj...

We had a great discussion about Sealand and it's history on IRC some time ago. Sealand has a history fit for a blockbuster movie but in the end the "King" of Sealand is loyal to the british crown and thus there is no advantage whatsoever to build an exit node on Sealand. In the end I thing...

Oh boy what a great start for a service that basically provides me with a browser I enter all kinds of sensitive information to. And I mean this for both: The guys that got their database stolen and the guy that now runs the other service. I kept away from this because I shudder from the simple fact...

its lead from the Soviet Union rather than the European Union This part actually made me go and look how they call Belarus in German because I don't know this name: Weißrussland (White Russia) I actually know this country by it's German name and afaik it's widely known to be "the last dictator...

Damn RAS, falls on its ass in the same way that FireGloves did... it cannot properly mask timezone and screen resolution... :( AFAIK Secret Agent was able to do that but it was very lacking in all other regards RAS is covering very well. Also with Javascript active you always can read out the syste...

warning: 'comp-lzo' is present in remote config but missing in local config. remote='comp-lzo' This is an error I know of as well. The Linux config clearly says it disables compression for security reasons. In android I manually set the compression flag because otherwise it won't work right. On Lin...

I remember this from my windows days. I don't know why but creating virtual network adapters in windows sooner or later will result in this situation. (Tested on WinXP and Win7) Especially when you use different software that each create their own virtual adapter or software that regularly removes a...

The forum now supports embedding of video links from (allegedly) every video site. Let's put that bold statement to a test (and keep the video spam all in one place) and post some videos that might be entertaining or interesting to other people. Please no 18+ content! :mrgreen: ...

As tempting as this idea might be there are numerous reasons why they should not or even why it makes not sense at all (at least this moment). I'd be the fist one to rent a server hosted inside grazes cookie jar, protected by pjs furry friends and that runs on manure provided by dfs magical unicorns...

I wish I could be more of help with this matter but due to lack of competence with coding and compiling, I have no other choice to ask you guys for updates, heh :angel: Tell me about it! I always hang around github, looking at interesting projects browsing the code and wishing I could contribute bu...

ps : sorry to be butting in on your locked thread, DS... rather rude thing to do. :-/ No problem pj, that's totally fine! This is a issue that needs to be discussed or better decided on so it can be included in the current forum upgrade process. (More and more things pop up around here and I like t...

afaik dynamic switches you to a new random node with every reconnect from a lost connection. So if you've got an unstable mobile connection for example, you will regularly switch IPs. smooth on the other hand gives you a random IP on first connection and then "locks you in" for the duratio...

@Dude: There are some VPN bugs in Android versions after 4.2.1 afaik. I use 4.4.4 after the former versions became too insecure and have a similar problem with DNS resolution but it's still different from yours. I think using IP is the only way to fix your problem but if you are happy with your work...

This is both moving and impressive. I learned a lot about Turing I didn't know before. I think providing a tool to protect people from those who persecuted Alan Turing is a wonderful way to honor this great man. Better than any statue or memorial plaque.

I find science fascinating in general but Astronomy and other "space science" often lets my jar drop. It's really exciting how often they find new objects or occurrences that call widely believed theories into questions. I find this process of regularly scrutinizing your view on this unive...

...and on that note, I shall enter the real world (albeit, outdoors, amongst the walking dead, surrounded by machines spewing out our violated dreams and temptation). Not for long though, I get pissed off when people don't say HI to me as they walk past... lmao I sometimes wonder if you are actuall...

Anyone heard of this? BitBox I know someone who actually does this manually to avoid browser identification by Google and such. His host browser never touched a google domain in years. Though it needs plugins for shared clipboard between VM and Host to provide comfortable usage and even with this I...

Just 2 minors things left 1. Don't worry. This is no misconfiguration on your side but those two simply do not resolve. (I'll report this.) Which brings us two the second issue... 2. Don't worry (again^^), you don't have DNS problems. I try to make this as short as possible: There are basically two...

I guess you are talking about the load balancer option, right? I can only guess here because I don't use the widget and know this stuff only second hand. But to my knowledge the configuration files for the nodes and load balancers are not dynamically updated like the drop down menu but either hardco...

Ahhh! Sorry, I just saw you use the "original" OpenVPN client for android. I don't know the official support status for this but let me tell you from my personal experience that the "official" android client is total crap and not really compatible with CryptoStorm. In the past th...

This must be the windows IP if I remember correctly though I wouldn't recommend using it at this moment. The nodelist is used by the windows widget and thus represents the teams selection of production ready windows exit nodes.

marzametal wrote:The new reloaded Silk Road has switched from Tor to this - I2P

I'm always wary of security and privacy build on java and such. I know this is a bold statement from someone who uses an android phone but the Java VM has a remarkable track record of security nightmares.

@DudeOfLondon You don't need a seperate certificate file because all configs come with one inline. So my suggestion would be to clear all imported configurations, import your desired one and don't touch the cert options. Arne's OpenVPN client will grab it automatically. Haha... You just posted while...

I took the liberty to fix the URL for the MAC generator. What I can't fix: -> https://cryptostorm.nu/webchat redirecting to tokenizer. -> https://poodlescan.net/ redirecting to forum main page. -> couple more that are not marked as being "in process" I cut things short because I'm actually...

Well, I am the one who set Fermi up to run the spoofability test because marzametal and I got those crazy results showing several IPs belonging to Google. Even though Fermi could not exactly reproduce our findings his results are strange as well. So I'm starting to think we have several problems her...

At first I thought this canary would be THE solution but while writing this post I realized it is not. First let me tell you why canaries in transparency reports are useless. I regularly hear people saying stuff like "They can force you to shut up but they can't force you to lie!". I think...

CanvasBlocker (Also for Firefox for Android) The technique of des canvas-fingerprinting (more informations: http://www.browserleaks.com/canvas ) to identify users can be prevented with this Add-On. Therefore the <canvas>-API which is necessary for the fingerprinting gets blocked. The different bloc...

I agree on the endless comments under guides being confusing and/or intimidating to new users. In fact your post here made me just realized how important clean one post threads are for guides. Our little discussion here already draws away attention from the relevant facts in the first post. Imagine ...

100%[======================================>] 104.857.600 7,89MB/s in 13s 2015-01-07 14:09:26 (7,73 MB/s) - ‘/dev/null’ saved [104857600/104857600] Connected to Cantus (Germany) In fact it went up over 8 MB/s (64Mbit/s) at some point. I wonder... Do you have any kind of QoS (Quality of Service) runn...

I think this is a good place to mention that the last couple of days both Fermi and I experience strange lags when resolving DNS queries with the standard pushed DNS servers. I'll try to find the culprit and will test if it gets better when I remove it. Just another reason for in house DNS resolvers...

Can you try this one and report the results? wget -O /dev/null http://cachefly.cachefly.net/100mb.test Those flash/html5 speed tests are very unreliable and regularly provide completely false information. With apple I wouldn't be surprised if there is some kind of traffic shaping based on ISP in pla...

You are absolutely right! Thank you very much for pointing this out. The screenshot is fixed now.I did this guide from memory as I don't run CryptoStorm on my router right now and felt I forgot something. This was it.

I run dd-wrt as well. I just bought a aleph token- would greatly apreciate any attention admin here could give to the dd-wrt setup thread, it's a bit of an outdated mess. To be perfectly honest, more than a couple tutorials suffer from the same affliction and we're working to fix that. We've alread...

DNS Spoofability Test: https://www.grc.com/dns/dns.htm Will test it as soon as I added the Servers to my setup but maybe some people will run their own test. EDIT: I forgot to make screenshots but to make a long story short: The DNS servers are indeed very beta at the moment. -> The performance is v...

THANK YOU! I was waiting for this like from the day I switched to cryptostorm. DNS censorship is a lengthly discussed issue in my country but even though we managed to prevent it being broadly deployed so far there already is a (recently leaked) government maintained secret blacklist for "yout...

Bunkers don't work. Period. You really strike a chord with that statement. I could start giving talks for hours about this but I just want to boil it down in a few sentences without derailing this thread: With all this unlimited funds government dragnet surveillance around and on the other side pro...

@oldnewb: I hope you didn't took our reaction as critique against you. Our reaction is purely directed against those guys... ehrm... "security decisions"... As I said in my first sentence: I'm glad that you (and hopefully others as well) are looking around, inform themselves and if they go...

First I want to thank oldnewb about caring enough for CryptoStorm that he is looking for ways to improve it. Community input and fresh ideas are very important and always welcome. You also involuntarily provided a good example for how dangerous the marketing yap of many "VPN-Services" is. ...

I'm not even remotely close to be an expert like you are but I also grew desperate on this topic when I tried to secure a server. There is just no cipher suite available at the moment that is both 100% acceptable from a security stance but also compatible with all popular browsers and OS. If you wan...

Because most of my guides/howtos somewhat depend on each other to properly work I decided to make a small reference chart. This chart contains both threads and single posts. I try my best to keep all guides up2date. I hope you enjoy and happy tunneling! UP 2 DATE Linux/RAW IP reference chart LEAKBL...

EDIT: Since this data is out of date and there's no plans to update it, I'm going to go ahead and lock this thread. The most up to date OpenVPN configs (Linux too) are always at https://github.com/cryptostorm/conf/ I hereby invite the community helpers and staff to keep these reference charts and h...

When using any of the here mentioned terminal connection methods there will be never be any GUI indication for VPN connection whatsoever. You must verify your VPN connection status via whoer.net or similar. Just look if you have a different IP than usually. Also: If paritoboys or my terminal method ...

Oh wow! I have to take a closer look on that one! Sandboxing isn't the holy grail as many exploits used for sandbox breakouts proof but it certainly adds a somewhat useful extra layer of security if done right.